The installation is carried out by means of a bash script. After accepting the license, the installer asks whether we want to create a link for avupdate-guard.

[root@centos antivir-workstation-pers-3.1.3.5-0]# ./install
...
Would you like to create a link in /usr/sbin for avupdate-guard ? [y]
linking /usr/sbin/avupdate-guard to /usr/lib/AntiVir/guard/avupdate-guard ... done

The script can then set up a cron task (/etc/cron.d/avira_updater) for automatic updates.

Would you like to setup Scanner update as cron task ? [y]
...
What time should updates be done [00:15]?
creating Scanner update cronjob ... done

That task checks whether there are updates for the scanner, engine or VDF files. If you also accept the next prompt, the Guard module will be updated periodically as well.

Would you like to check for Guard updates once a week ? [n]
setup internet updater complete

The next step installs DazukoFS. Since this was already done earlier, it is not necessary to repeat it.

Preinstalled dazukofs module found on your system.
Would you like to reinstall dazukofs now ? [y] n
Dazukofs module is loaded

Through the following question, you specify which directories must be protected by AntiVir Guard. I have selected the default option. Later, you can change this choice or add more directories by editing the fstab file.

Be careful with this selection: regardless of the antivirus used, when you set up an on-access daemon you must avoid certain directories such as /sys, /proc, /root or / itself.

Guard will automatically protect all directories which are mounted upon dazukofs filesystem.
Please specify at least one directory to be protected by Guard to add in /etc/fstab : [/home]
The following directories will be protected by Guard:
/home
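As an added example (not part of the original post or of Avira's installer), the following POSIX shell script checks a list of directories against the unsafe ones mentioned above before producing the dazukofs entries that would go into /etc/fstab. It assumes dazukofs is stacked on a directory with an fstab line of the form "DIR DIR dazukofs defaults 0 0"; the directory list and the unsafe list are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate directories for AntiVir Guard (dazukofs) before
# writing /etc/fstab entries. Assumption: the entry format is
# "<dir> <dir> dazukofs defaults 0 0" (dazukofs stacked on the same path).

# Directories that must never be placed under an on-access scanner.
UNSAFE_DIRS="/ /sys /proc /dev /root"

# is_unsafe DIR -> exit 0 if DIR is, or lies inside, one of UNSAFE_DIRS
is_unsafe() {
    dir=$1
    # normalise: strip a trailing slash, except for "/" itself
    case $dir in
        /) return 0 ;;
        */) dir=${dir%/} ;;
    esac
    for u in $UNSAFE_DIRS; do
        [ "$u" = "/" ] && continue
        case $dir in
            "$u"|"$u"/*) return 0 ;;
        esac
    done
    return 1
}

# fstab_line DIR -> print the dazukofs fstab entry for DIR
fstab_line() {
    printf '%s %s dazukofs defaults 0 0\n' "$1" "$1"
}

# guard_entries DIR... -> print fstab lines for every safe absolute DIR,
# report rejected ones on stderr, return 1 if any were rejected
guard_entries() {
    rc=0
    for d in "$@"; do
        case $d in
            /*) ;;
            *) echo "rejected (not an absolute path): $d" >&2; rc=1; continue ;;
        esac
        if is_unsafe "$d"; then
            echo "rejected (unsafe for on-access scanning): $d" >&2
            rc=1
        else
            fstab_line "$d"
        fi
    done
    return $rc
}

# Constructed input: the installer's default plus two risky choices
guard_entries /home /srv/www /proc/sys /root || echo "some directories were rejected" >&2
```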

Then the installer checks whether the quarantine directory exists. This directory is used to isolate a suspicious or infected file so that it can be repaired later.

Would you like to create /home/quarantine ? [y]
creating /home/quarantine ... done

Afterwards, you are asked whether you want to create a link to AntiVir Guard and whether it should be started automatically at boot.

Would you like to create a link in /usr/sbin for avguard ? [y]
linking /usr/sbin/avguard to /usr/lib/AntiVir/guard/avguard ... done
Please specify if boot scripts should be set up.
Set up boot scripts ? [y]

Aug 22, 2011

I have said over and over that the claim that there are no viruses for Linux is a myth. There are fewer viruses on Linux because it is an open operating system, so many people can contribute quickly to fixing its flaws. In addition, it is more robust and less widely used than Windows, so attackers have less interest in breaking it.

But imagine for a moment that you are browsing the web, for instance with Firefox, and your browser has a critical vulnerability, or that the web page you are visiting uses Java or Flash and the versions installed on your Linux system are vulnerable: your computer would be exposed to attack or malware infection.

So it is clear that, many times, Linux itself is not to blame; the responsibility lies with third-party software. For that reason, I think it is necessary to have a good antivirus installed on our Linux systems, regardless of the distribution.

There are several good and free antivirus products for Linux, such as avast, ClamAV and AVG, but my favourite option is Avira AntiVir. Its main features are:

The most important characteristic of Avira compared with other solutions is the AntiVir Guard module (ClamAV has one too), which runs as a daemon, permanently monitors all file accesses on the system (on-access scanning) and protects it against possible viruses.

Other Avira modules are the AntiVir Command Line Scanner (which scans files for viruses or suspicious elements and can be integrated into scripts) and the AntiVir Updater (which downloads the current updates from the Avira web servers, manually or automatically).

Note also that AntiVir Guard is based on DazukoFS, open source software that provides a kernel module for online file access control: it intercepts memory and disk calls and passes the information to a user-space application, in this case Avira AntiVir. Other applications are also based on Dazuko, such as ClamAV, Panda Security for Linux, F-Secure, etc.

The AntiVir installation package ships a DazukoFS version that is configured and installed automatically (in theory). DazukoFS depends on the kernel version, so it is better to install this module manually.

So let's download version 3.1.2 of Dazuko (this version works fine with a 2.6.32 kernel) and install it on our test system, CentOS 6.0 (32-bit). To begin with, I will also fetch some required packages.

Lastly, note that the license of this antivirus allows you to install it for personal use, for instance on your own PC or your home server. Keep in mind that if you use AntiVir Guard via DazukoFS, you will need to recompile this module whenever you change the kernel. For production environments I always suggest ClamAV.

First of all, for my testing I am going to use a ttylinux image downloaded directly from the OpenNebula website. This kind of Linux distribution is designed to consume fewer resources than a typical operating system such as Debian or CentOS.

Then we have to create a virtual network that will be used by all virtual machines built on our KVM compute node. Note that the key element of this network is the bridge created in the previous article.

Aug 9, 2011

To begin with, we are going to create a network bridge on kvm01. For this purpose, we must put the NIC into manual mode and attach it to the bridge (br0). Remember that this new interface also has to have an IP address belonging to the same subnet.

The reason for creating a bridge is clear: to be able to reach the virtual machines built on this node. Otherwise, we could never connect to them.

Then we have to install the packages needed to virtualize machines with KVM. The ruby package will be used to manage the node from OpenNebula, and nfs-common to mount the shared area exported by storage01. As you can see, the libvirtd daemon must be put into listening mode without authentication.

In addition, it is necessary to uncomment the line that says "dynamic_ownership = 1" (whether libvirt should dynamically change file ownership to match the configured user/group) and change it to 0. Otherwise, you would get an error as follows.

The next step is to add a new user called oneadmin (with UID 1001, the same as on the rest of the machines). I prefer to set a password for this user because later you have to copy frontend01's public key to this machine.

root@zbx01:~# cat /etc/mysql/my.cnf
...
# Size of the buffer used for index blocks
key_buffer = 16M
# Maximum size of one packet or any generated/intermediate string
max_allowed_packet = 16M
# Number of threads the server should cache for reuse
thread_cache_size = 64
# Maximum allowed number of simultaneous client connections
max_connections = 256
# Number of open tables for all threads
table_cache = 1024
# Number of table definitions that can be stored in the definition cache
table_definition_cache = 1024
# Do not cache results that are larger than this number of bytes
query_cache_limit = 16M
# Amount of memory allocated for caching query results
query_cache_size = 1024M
# Minimum size (in bytes) for blocks allocated by the query cache
query_cache_min_res_unit = 512
# 0: do not cache
# 1: cache all cacheable query results except for those that begin with SELECT SQL_NO_CACHE
# 2: cache results only for cacheable queries that begin with SELECT SQL_CACHE
query_cache_type = 1
# Slow queries are logged
log_slow_queries = /var/log/mysql/mysql-slow.log
# If a query takes longer than this value (seconds), the server logs the query
long_query_time = 5
# Queries that are expected to retrieve all rows are logged
log-queries-not-using-indexes
# Size in bytes of the memory buffer that InnoDB uses to cache data and indexes of its tables
innodb_buffer_pool_size = 4096M

With respect to MySQL, it is worth pointing out that it is also important to defragment the query cache to improve its utilization, by running a "flush query cache" on the database. In my installation, I have found that the optimum period is every hour.
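Rather than flushing on a fixed schedule, you can measure how fragmented the query cache actually is. The following POSIX shell script is an added example (not from the original post): it reads the Qcache_free_blocks and Qcache_total_blocks counters as printed by mysql -N -e "SHOW STATUS LIKE 'Qcache%'" and recommends a FLUSH QUERY CACHE once the share of free blocks exceeds a threshold. The status text is a constructed sample so the script runs without a server.

```shell
#!/bin/sh
# Added example: decide whether the MySQL query cache is fragmented enough
# to justify a "FLUSH QUERY CACHE". Assumption: the input is the
# tab-separated "Variable_name<TAB>Value" output of
#   mysql -N -e "SHOW STATUS LIKE 'Qcache%'"
# Here a constructed sample stands in for a real server.

SAMPLE_STATUS=$(printf 'Qcache_free_blocks\t5120\nQcache_free_memory\t268435456\nQcache_hits\t9876543\nQcache_inserts\t1234567\nQcache_lowmem_prunes\t42\nQcache_not_cached\t321\nQcache_queries_in_cache\t15000\nQcache_total_blocks\t32000\n')

# qcache_fragmentation_pct STATUS_TEXT -> integer percentage of free blocks
# among all blocks; many small free blocks means the cache is fragmented
qcache_fragmentation_pct() {
    printf '%s\n' "$1" | awk -F'\t' '
        $1 == "Qcache_free_blocks"  { free = $2 }
        $1 == "Qcache_total_blocks" { total = $2 }
        END { if (total > 0) printf "%d\n", (free * 100) / total; else print 0 }'
}

# needs_flush STATUS_TEXT THRESHOLD_PCT -> exit 0 when fragmentation is above the threshold
needs_flush() {
    pct=$(qcache_fragmentation_pct "$1")
    [ "$pct" -gt "$2" ]
}

# Against a live server the hourly cron job from the post could become:
#   needs_flush "$(mysql -N -e "SHOW STATUS LIKE 'Qcache%'")" 10 && mysql -e 'FLUSH QUERY CACHE'
if needs_flush "$SAMPLE_STATUS" 10; then
    echo "query cache fragmentation $(qcache_fragmentation_pct "$SAMPLE_STATUS")%: FLUSH QUERY CACHE recommended"
else
    echo "query cache fragmentation below threshold, no flush needed"
fi
```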

And finally, I have changed certain parameters in the Zabbix configuration file. The most important one is related to the pre-forked pollers.

If this number is not enough, your Zabbix server will not be able to store all the monitored data and you will notice that many values are missing. This is because if the server does not have enough processes to handle the requests, they are discarded and not recorded.

About the author...

Javier Andrés Alonso has got a Master's Degree in Telecommunication Engineering and a Bachelor's Degree in Telecommunication Technical Engineering (specialising in Telematics), from the Polytechnic School of the University of Alcalá de Henares.